Vulnerability Details CVE-2009-3037
Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.168
EPSS Ranking 94.5%
CVSS Severity
CVSS v2 Score 9.3
References
- http://secunia.com/advisories/36472
- http://secunia.com/advisories/36474
- http://www-01.ibm.com/support/docview.wss?uid=swg21396492
- http://www.securityfocus.com/bid/36042
- http://www.securityfocus.com/bid/36124
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00
- http://www.vupen.com/english/advisories/2009/2389
- http://secunia.com/advisories/36472
- http://secunia.com/advisories/36474
- http://www-01.ibm.com/support/docview.wss?uid=swg21396492
- http://www.securityfocus.com/bid/36042
- http://www.securityfocus.com/bid/36124
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090825_00
- http://www.vupen.com/english/advisories/2009/2389
Products affected by CVE-2009-3037
-
cpe:2.3:a:autonomy:keyview:*
-
cpe:2.3:a:ibm:lotus_notes:5.0
-
cpe:2.3:a:ibm:lotus_notes:5.0.1
-
cpe:2.3:a:ibm:lotus_notes:5.0.10
-
cpe:2.3:a:ibm:lotus_notes:5.0.11
-
cpe:2.3:a:ibm:lotus_notes:5.0.12
-
cpe:2.3:a:ibm:lotus_notes:5.0.2
-
cpe:2.3:a:ibm:lotus_notes:5.0.3
-
cpe:2.3:a:ibm:lotus_notes:5.0.4
-
cpe:2.3:a:ibm:lotus_notes:5.0.5
-
cpe:2.3:a:ibm:lotus_notes:5.0.6
-
cpe:2.3:a:ibm:lotus_notes:5.0.9a
-
cpe:2.3:a:ibm:lotus_notes:5.02
-
cpe:2.3:a:ibm:lotus_notes:6.0
-
cpe:2.3:a:ibm:lotus_notes:6.0.1
-
cpe:2.3:a:ibm:lotus_notes:6.0.2
-
cpe:2.3:a:ibm:lotus_notes:6.0.3
-
cpe:2.3:a:ibm:lotus_notes:6.0.4
-
cpe:2.3:a:ibm:lotus_notes:6.0.5
-
cpe:2.3:a:ibm:lotus_notes:6.5
-
cpe:2.3:a:ibm:lotus_notes:6.5.1
-
cpe:2.3:a:ibm:lotus_notes:6.5.2
-
cpe:2.3:a:ibm:lotus_notes:6.5.3
-
cpe:2.3:a:ibm:lotus_notes:6.5.4
-
cpe:2.3:a:ibm:lotus_notes:6.5.5
-
cpe:2.3:a:ibm:lotus_notes:6.5.6
-
cpe:2.3:a:ibm:lotus_notes:7.0
-
cpe:2.3:a:ibm:lotus_notes:7.0.0
-
cpe:2.3:a:ibm:lotus_notes:7.0.1
-
cpe:2.3:a:ibm:lotus_notes:7.0.2
-
cpe:2.3:a:ibm:lotus_notes:7.0.3
-
cpe:2.3:a:ibm:lotus_notes:8.0
-
cpe:2.3:a:ibm:lotus_notes:8.0.0
-
cpe:2.3:a:ibm:lotus_notes:8.0.1
-
cpe:2.3:a:ibm:lotus_notes:8.5
-
cpe:2.3:a:symantec:brightmail_appliance:5.0
-
cpe:2.3:a:symantec:brightmail_appliance:8.0.0
-
cpe:2.3:a:symantec:brightmail_appliance:8.0.1
-
cpe:2.3:a:symantec:data_loss_prevention_detection_servers:7.2
-
cpe:2.3:a:symantec:data_loss_prevention_detection_servers:8.1.1
-
cpe:2.3:a:symantec:data_loss_prevention_detection_servers:9.0.1
-
cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:8.1.1
-
cpe:2.3:a:symantec:data_loss_prevention_endpoint_agents:9.0.1
-
cpe:2.3:a:symantec:mail_security:5.0
-
cpe:2.3:a:symantec:mail_security:5.0.0
-
cpe:2.3:a:symantec:mail_security:5.0.1
-
cpe:2.3:a:symantec:mail_security:5.0.1.181
-
cpe:2.3:a:symantec:mail_security:5.0.1.182
-
cpe:2.3:a:symantec:mail_security:5.0.1.189
-
cpe:2.3:a:symantec:mail_security:5.0.1.200
-
cpe:2.3:a:symantec:mail_security:5.0.10
-
cpe:2.3:a:symantec:mail_security:5.0.11
-
cpe:2.3:a:symantec:mail_security:5.0.12
-
cpe:2.3:a:symantec:mail_security:6.0.6
-
cpe:2.3:a:symantec:mail_security:6.0.7
-
cpe:2.3:a:symantec:mail_security:6.0.8
-
cpe:2.3:a:symantec:mail_security:7.5.3.25
-
cpe:2.3:a:symantec:mail_security:7.5.4.29
-
cpe:2.3:a:symantec:mail_security:7.5.5.32
-
cpe:2.3:a:symantec:mail_security:7.5.6
-
cpe:2.3:a:symantec:mail_security:8.0
-
cpe:2.3:a:symantec:mail_security_appliance:5.0
-
cpe:2.3:a:symantec:mail_security_appliance:5.0.0.24
-
cpe:2.3:a:symantec:mail_security_appliance:5.0.0.36